Securing MongoDB – User Administration

The db.createUser(user, writeConcern) method is used to create users. We need to provide the username, password and roles.

The user document passed to createUser is defined as follows:

{
    user: "<name>",
    pwd: "<password>",
    customData: { <User Tag> },
    roles: [
        { role: "<role>", db: "<database>" },
        { role: "<role>", db: "<database>" },
        ...
    ]
}

Role

A role is an approach to restricting system/DB access to authorized users. The security hierarchy is similar to that of various other DB technologies. The built-in roles are:

Database User Roles

  • read
  • readWrite

Database Administration Roles

  • dbAdmin
  • dbOwner
  • userAdmin

Cluster Administration Roles

  • clusterAdmin
  • clusterManager
  • clusterMonitor
  • hostManager

Backup and Restoration Roles

  • backup
  • restore

All-Database Roles

  • readAnyDatabase
  • readWriteAnyDatabase
  • userAdminAnyDatabase
  • dbAdminAnyDatabase

Superuser Roles

  • root

Internal Role

  • __system

The roles are self-explanatory. For further reading, see the Roles section of the MongoDB reference manual.

Create User

 

db.createUser(
    {
        user: "reportUser",
        pwd: "12345678",
        roles: [
            { role: "read", db: "northwind" },
            { role: "readWrite", db: "records" },
            { role: "backup", db: "admin" },
            { role: "clusterAdmin", db: "admin" },
            { role: "readAnyDatabase", db: "admin" }
        ]
    }
)

 

Identify the user's roles by using db.getUser():

db.getUser("reportUser")
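
An added example (not from the original post): a least-privilege review of the document that db.getUser() returns, flagging roles that reach beyond one database and per-database roles already covered by an all-database role. The function name auditUser, the finding fields and the sample document are assumptions made for illustration.

```javascript
// Added example: least-privilege review of a db.getUser()-style document.
// Helper names are hypothetical; categories follow the role list on this page.
const ROLE_CATEGORY = new Map(Object.entries({
  read: "database user", readWrite: "database user",
  dbAdmin: "database administration", dbOwner: "database administration",
  userAdmin: "database administration",
  clusterAdmin: "cluster administration", clusterManager: "cluster administration",
  clusterMonitor: "cluster administration", hostManager: "cluster administration",
  backup: "backup and restoration", restore: "backup and restoration",
  readAnyDatabase: "all-database", readWriteAnyDatabase: "all-database",
  userAdminAnyDatabase: "all-database", dbAdminAnyDatabase: "all-database",
  root: "superuser", __system: "internal",
}));
// Categories whose reach extends beyond a single database.
const BROAD = new Set(["cluster administration", "backup and restoration",
  "all-database", "superuser", "internal"]);
// All-database roles and the per-database roles they already cover.
const COVERS = new Map(Object.entries({
  readAnyDatabase: ["read"], readWriteAnyDatabase: ["read", "readWrite"],
  userAdminAnyDatabase: ["userAdmin"], dbAdminAnyDatabase: ["dbAdmin"],
}));

function auditUser(userDoc) {
  const findings = [];
  const held = userDoc.roles.map((r) => r.role);
  for (const { role, db } of userDoc.roles) {
    const category = ROLE_CATEGORY.get(role) ?? "custom";
    if (BROAD.has(category)) findings.push({ role, db, issue: "broad", category });
    const coveredBy = held.find((h) => (COVERS.get(h) ?? []).includes(role));
    // The *AnyDatabase roles do not apply to the local and config databases.
    if (coveredBy && db !== "local" && db !== "config") {
      findings.push({ role, db, issue: "redundant", coveredBy });
    }
  }
  return findings;
}

// Constructed sample in the shape db.getUser("reportUser") returns for the user above.
const sampleUser = {
  user: "reportUser", db: "test",
  roles: [
    { role: "read", db: "northwind" }, { role: "readWrite", db: "records" },
    { role: "backup", db: "admin" }, { role: "clusterAdmin", db: "admin" },
    { role: "readAnyDatabase", db: "admin" },
  ],
};
console.log(auditUser(sampleUser));
```

In the shell, the same function can be applied to the result of db.getUser("reportUser").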

Change Password

>db.changeUserPassword("reportUser","!@#$1234Mongo")

Drop a user from MongoDB using db.dropUser()

>db.dropUser("reportUser")

Revoke a role from the user using revokeRolesFromUser()

>db.revokeRolesFromUser(
    "reportUser",
    [
        { role: "readWrite", db: "northwind" },
        { role: "backup", db: "admin" }
    ]
)